Installing a Comodo SSL Certificate on Webfaction

Posted on 07/23/2017 in misc

ssl

With Google getting more and more picky about ignoring websites that don't use SSL, I went ahead and added a SSL certificate to ODonnellWeb. I think the whole exercise is pretty damn silly. There is nothing non-public on the site, and no opportunity to login or otherwise share any sensitive info with me. But whatever, Google. It's your Internet, so I'll do as you want.

The tutorials on Webfaction's site are all designed about Let's Encrypt, a service that provides free 90 day certificates. However, it's a bit of a pain in the ass. When I discovered I could buy a 3-year certificate for $15, I decided the ease of installation was worth the small charge.

I bought a Comodo certificate from Cheap SSL Security. The process works like this.

  1. Go through the e-commerce process and buy your certificate.
  2. Generate a certificate signing request (CSR) via the form on your Webfaction control panel. This results in 2 text files that you will download, the CSR, and your private key. Keep them safe, Webfaction doesn't keep a copy.
  3. Go back to Cheap SSL and cut and paste the block of encrypted text from your CSR into the form on their site.
  4. Go through the email / domain validation process with Cheap SSL to verify you control the domain you are buying a certificate for.
  5. One the above is done they will email you 4 files.

-Root CA Certificate - AddTrustExternalCARoot.crt
-Intermediate CA Certificate - COMODORSAAddTrustCA.crt
-Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
-Your PositiveSSL Certificate - yoursite_com.crt

(The root certificate isn't used.)

Save the files to your hard drive. You'll need to concatenate the two Intermediate CA Certificates into one file, as show below. This tutorial will work on Linux / Mac. If you are on Windows you'll have to figure it out for yourself, because I don't do Windows. Open a terminal window, navigate to the directory where you saved the certificate files, and run the following command

cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt > ssl-bundle.crt

This combines the two files into one.

Now go back to the Webfaction control panel and click on upload a SSL certificate. Upload the "Your PositiveSSL" file, the private key file you made earlier with the CSR process, and the yoursite_com concatenated file you made with the steps above.

Now that the certificates are uploaded, you need to turn on SSL for the site and (if desired) create a redirect to force http traffic to https. You can follow Webfaction's instructions for the final two steps.

One quick thing about the Webfaction setup that you might hit is that file requests from your http site (such as images) will show as insecure, even though you've got the redirect set up to redirect insecure requests to the https site. I don't have a solution for that one, yet.

Click to comment, reply, or complain via email

I like hearing from readers, all three of you! Nobody comments on blogs anymore, and I'd rather not use Facebook or Twitter as a comment system so it's back to the email.